“A data spill occurs when a document containing confidential, sensitive, or malicious content is released into an untrusted environment. When a data spill is detected, it’s important to quickly contain the environment, assess the size and locations of the spillage, examine user activities around it, and then delete the spilled data from the service.”
If you would like to try this preview out, I highly recommend that you test it in a new test tenant. Please review the reference below to explore further.
One piece of functionality caught my attention: it can even investigate unsupported files. For example, files that are password protected cannot be processed since the files are locked or encrypted. Using error remediation, investigators can download files with such errors, remove the password protection, and upload the remediated files.
How to get to this?
- Log in to https://protection.office.com
- Scroll to the bottom of the left taskbar
- Data Investigation is just after eDiscovery
Before you can start using this preview, you have to read the Terms of Service and either approve or cancel to proceed. If you cancel the agreement, it will redirect you back to the Home tab.
Microsoft takes its preview seriously.
Make sure you have an Enterprise Admin account/permission to run this command, and run PowerShell as Admin.
If you run into an error saying that you can’t bring up a new domain controller because the operating system is not at a suitable forest functional level, this solution could help you out. These commands cannot be run on an RODC.
I am not sure whether changing these functional levels requires the FSMO roles. Hence, I run these commands on the primary domain controller.
- Log in to your existing domain controller using an Enterprise Admin account
- Run Windows PowerShell as Admin
- Type in the following command to change the forest functional level
- Type the following command to change the domain level
I would recommend that you study the difference between the forest functional level and the domain level. I will write a blog post about it soon!
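The checks and the raise described above, as an added PowerShell example (not the commands from the original post). The target levels are assumptions, and the script raises the domain level before the forest level; without `-Apply` it only reports what would change.

```powershell
# Added example: pre-checks, then raise the domain and forest functional levels.
# Run on a writable DC as Enterprise Admin, in an elevated PowerShell session.
param(
    # Assumption: target levels; choose the values that match your DCs.
    [string]$DomainMode = 'Windows2012R2Domain',
    [string]$ForestMode = 'Windows2012R2Forest',
    [switch]$Apply      # without -Apply, both Set-* calls run with -WhatIf
)
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Current levels, with the FSMO role holders shown for reference.
[pscustomobject]@{
    ForestMode         = $forest.ForestMode
    DomainMode         = $domain.DomainMode
    PDCEmulator        = $domain.PDCEmulator
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
} | Format-List

# Every DC must run an OS that supports the target level.
Get-ADDomainController -Filter * |
    Select-Object Name, OperatingSystem, IsReadOnly |
    Sort-Object OperatingSystem | Format-Table -AutoSize

# Stop if this machine is a read-only DC.
$local = Get-ADDomainController -Identity $env:COMPUTERNAME
if ($local.IsReadOnly) {
    throw "$($local.Name) is an RODC; run this on a writable DC."
}

# Domain first, then forest: the forest level can never exceed a domain's level.
Set-ADDomainMode -Identity $domain.DNSRoot -DomainMode $DomainMode -WhatIf:(-not $Apply)
Set-ADForestMode -Identity $forest.Name -ForestMode $ForestMode -WhatIf:(-not $Apply)

# Read the levels back to confirm the result.
(Get-ADDomain).DomainMode
(Get-ADForest).ForestMode
```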
If your sync service completed with an error and the error code is as shown below:
Error 8344: Permission Issue Insufficient Access Rights to Perform the Operation
It means that the service account that you used to add the domain during the wizard setup does not have the correct/necessary permissions.
In the wizard, it is this part
Please take note that this is only for Password Synchronization and Password Writeback; for further permissions, please review the references below.
Step by step:
- Provide the necessary permission to the service account
- Add the service account into the Administrators Group (Built-in OU)
- At the forest level > Properties > Security > Add > service account
- Next, select the service account, scroll to the permissions and check “Replicating Directory Changes All” and “Replicating Directory Changes”
- Because password writeback will be turned on too, this service account also needs the “Change Password” and “Reset Password” permissions under Advanced
- Select the service account > Advanced > Select Add > Select Principal > Service account > Descendant User Objects > Check the boxes for “Change Password” and “Reset Password”
- Save your changes
- Head to your AADC server and rerun the synchronization
- Check whether the sync status shows that it completed without error
- The End
- ADUC – Active Directory Users and Computers
- ADS – Active Directory Sync
- OU – Organizational Unit
- AADC – Azure Active Directory Connect
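To confirm that the permissions from the steps above actually landed on the domain root, the following added example (not part of the original post) reads the ACL and reports which of the four rights the sync account holds explicitly. The account name is a hypothetical placeholder. It also lists every other principal holding the replication rights, which is worth reviewing whenever these rights are handed out.

```powershell
# Added example: audit the ACEs on the domain root granted in the steps above.
Import-Module ActiveDirectory

# Assumption: replace with the account used in the AADC wizard.
$ServiceAccount = 'CONTOSO\svc-aadc'   # hypothetical name

# Well-known control access right GUIDs for the four permissions.
$Rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    'ab721a53-1e2f-11d0-9819-00aa0040529b' = 'Change Password'
}

# Read the ACL of the domain root through the AD: drive.
$domainDn = (Get-ADDomain).DistinguishedName
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$aces = (Get-Acl -Path "AD:\$domainDn").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extended) -and
    $Rights.ContainsKey($_.ObjectType.ToString())
}

$report = $aces | Select-Object `
    @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
    @{ n = 'Right';     e = { $Rights[$_.ObjectType.ToString()] } },
    IsInherited, InheritanceType

# Rights the sync account holds through explicit ACEs
# (rights it only gets through group membership are not shown here).
$held    = @($report | Where-Object { $_.Principal -eq $ServiceAccount })
$missing = $Rights.Values | Where-Object { $_ -notin $held.Right }
$held | Format-Table -AutoSize
if ($missing) {
    Write-Warning "No explicit ACE for: $($missing -join ', ')"
}

# Everyone else who holds the replication rights on the domain root.
$report |
    Where-Object { $_.Right -like 'Replicating*' -and $_.Principal -ne $ServiceAccount } |
    Sort-Object Principal, Right | Format-Table -AutoSize
```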
Prerequisites to establish trust:
- Cannot be a Read-Only Domain Controller
- Both source and target domain controllers have to hold the PDC role to establish the trust.
- Make sure you transfer the FSMO
- Both domain controllers must be able to ping each other
- Firewalls are disabled on both domain controllers
- Able to nslookup each other’s domains
You will fail with an error if the prerequisites are not met:
“The secure channel verification on Active Directory Domain Controller <DC name> of domain <source domain> to <target domain> failed with error: The specified domain either does not exist or could not be contacted.”
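The prerequisites above can be checked from each domain controller before starting the trust wizard. This is an added example, not part of the original post; the target domain and DC names are hypothetical placeholders.

```powershell
# Added example: check the trust prerequisites listed above from the local DC.
# Run it once on each side, pointing at the other domain.
param(
    [string]$TargetDomain = 'target.example',       # hypothetical remote domain
    [string]$TargetDc     = 'dc01.target.example'   # hypothetical remote DC
)
Import-Module ActiveDirectory

$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
$domain = Get-ADDomain

# DNS lookups: keep only real answers, not the SOA returned for empty results.
$aRecords = Resolve-DnsName -Name $TargetDomain -ErrorAction SilentlyContinue |
    Where-Object { $_.Section -eq 'Answer' }
$pdcSrv = Resolve-DnsName -Name "_ldap._tcp.pdc._msdcs.$TargetDomain" -Type SRV `
    -ErrorAction SilentlyContinue | Where-Object { $_.Section -eq 'Answer' }

$checks = [ordered]@{
    'Local DC is writable (not an RODC)' = -not $dc.IsReadOnly
    'Local DC holds the PDC role'        = $domain.PDCEmulator -eq $dc.HostName
    'Target DC answers ping'             = Test-Connection -ComputerName $TargetDc -Count 2 -Quiet
    'Target domain resolves in DNS'      = [bool]$aRecords
    'Target PDC SRV record resolves'     = [bool]$pdcSrv
}

$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
} | Format-Table -AutoSize

if (@($checks.Values) -contains $false) {
    Write-Warning 'At least one prerequisite failed; fix it before creating the trust.'
}
```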
The format option here doesn’t help to reformat the USB to its original size.
What I mean is this format option: File Explorer > Right click on the USB > Format
You will see that the format size allowed is only 32GB, but your USB is bigger than that.
The resolution is to use Disk Management to reformat your USB.
- Open Disk Management
- You will notice that part of your USB’s volume is “Unallocated” and part is “Used”
- Right click on the USB > Delete the Volume
- Then the Volume status will become “Unallocated”
- Right click on the USB > Select New Volume > Setup the new volume of your USB
- The End
In this case, it was my lab environment; I have an external SSD which is purely for my lab. I faced this problem because my laptop read the external SSD and assigned that drive a different disk letter.
So at first all my virtual hard disks were located on disk letter E; this is their original location.
I have multiple USB and external drives, so the laptop tends to keep a cache of previously used drives. I recently created a bootable USB for another product, and when I plugged in my lab’s external drive, my laptop assigned it the drive letter G. I didn’t notice it until I launched my Hyper-V console: the status of my virtual machines kept showing “Off-critical” for quite a long period, and refreshing didn’t work either. Thus, I was unable to boot up my virtual machines.
After some thought, I connected to one of the virtual machines and checked the location/directory of my virtual hard disk, and it was pointing to the drive letter E. Next I launched File Explorer, and there my external drive was no longer listed as letter E but as letter G.
To resolve this, I launched the “Disk Management” console and changed the letter of my external drive from G to E. Back in my Hyper-V console, my virtual machines were able to boot up and the “Off-critical” status was no longer showing.
- Do take note that it requires a reboot of your laptop if you are trying to mimic/simulate this issue.
There are other reasons you could face this issue: it could be a corrupted drive, or the drive is disconnected.
For those who want to perform a live backup or export (to a local drive or external drive) of virtual machines via Hyper-V, there are a few things you need to consider before you jump in:
- On what server operating system are your virtual machines located?
- Does the server support live backup or export?
What is live backup or export?
- A live backup or export is where you can run your backup without having to shut down the virtual machines. This means minimal to zero impact or downtime.
If your virtual machines are hosted on a legacy server, such as one below Windows Server 2012, you are required to shut down the virtual machines to perform the backup or export. If the virtual machine is not shut down, the export button will not be shown to you. However, please take note that if you are migrating virtual machines from a legacy server to a non-legacy server, it is best not to use the export feature on the legacy server; please refer to the reference below for a full explanation and the proper way to migrate.
If your virtual machines are hosted on a non-legacy server, such as Windows Server 2012 and above, then you can perform a live backup or export without experiencing total downtime. As technology gets more advanced, this benefits IT admins, who can perform their tasks without working after hours, and end users will not experience total downtime.
Do also read up on and understand when to use checkpoints and when not to use them. Checkpoints basically means snapshots.
Hey guys! I just uploaded a video on “Ways to setup a Lab environment”. It is a video about my experiences with types of lab environment setup, my feedback on each of them, and my recommendations for what suits your situation.
Hope you guys enjoy the video. Sorry that I sound a bit sick; it is actually just cold at night. Hahaha, nothing serious, just chillax bro. It has been a while since I have done videos, because I was occupied with work.
Here is the link to the video:
Ways to Setup a Lab environment
Hope you guys find it informative.
This is my first time doing a VM migration or import/export of a VM from server 2008 R2 to server 2012 R2. At first, I used the export function from Hyper-V in server 2008 R2, and I noticed the export result was different from that of server 2012 R2. Thus, when I tried to import the VM from server 2008 R2 into server 2012 R2, it was not recognized.
Always make a backup copy! Don’t modify the original!
This is because 2008 and 2008 R2 are legacy servers, and using the export feature to export the VM produces an EXP file instead of an XML file. In server 2012 R2, a VM that is exported has an XML file.
The best way to import a VM from a legacy server is to copy the entire VM folder to server 2012 R2. By entire VM folder, I mean its VHD, etc.
The VM that I am importing does not have any checkpoints or snapshots, so I am unsure whether you are required to delete the copied snapshots before you import.
So what I did was:
- At server 2008 R2, shut down the VM
- Locate the entire Data folder of the VM in File Explorer
- Right click the folder > Properties > Share > Advanced Sharing > Add the specific user account (server 2012 R2) and the computer (server 2012 R2) > Full Control
- It is up to you how your destination server retrieves the source information (VM); it could be via a network share, a USB, or an external hard disk
- At server 2012 R2, open file explorer
- At the top bar, type “\\<2008 R2 server name/IP address>\<vm folder name>\”
- Copy the entire folder and paste it into server 2012 R2 (a location/drive/directory you are comfortable with)
- Remember to remove the share permission of the folder in server 2008 R2, after you finish copying the folder from server 2008 R2 to server 2012 R2
- Create a new folder in server 2012 R2 and name it after your actual/original VM’s folder in server 2008 R2; this folder will be the new location of your VM
- Go to Hyper-V in server 2012 R2 > select the Import Virtual Machine at the right side bar
- Browse and locate the VM folder that you just copied
- Select the import type “Copy the virtual machine”; this creates a new unique ID for the virtual machine and also allows you to choose the new location to store this VM in server 2012 R2
- Make sure the new location points to the new folder that you just created in server 2012 R2
- Then click Next > Finish and wait for the import to complete
- Make sure the VM in server 2008 R2 is Shut down
- Start or Boot up the VM in server 2012 R2 (If required to change IP address of the VM then change)
- If everything is fine, monitor for 48 hours, and only then decide to remove the VM in server 2008 R2
After importing the VM, Hyper-V does not start the VM automatically. You have to start the VM manually after the import completes.
So I am testing Autopilot in my lab environment, which consists of a Hyper-V host with its virtual machines. I am doing a manual registration, so how do I export the device information that is required for my VM to be registered for Autopilot?
I already had a VM running Windows 10 Pro, and I ran this script to export and automatically import the device information to be registered into Autopilot. However, I wasn’t running the script before the out-of-box experience (OOBE) happened, so to make Autopilot work on my VM, I had to reset my VM.
Once the VM had reset, it asked for the region and the keyboard language, and next it showed a welcome page with the display name and the company name. So I keyed in the email address and password of the user and also set up the PIN. However, I then noticed that I had set this user up with the Standard permission only. Thus, the administrator account is disabled, and I kept getting the RDP permission error prompt because the user account is not in the RDP group in the VM.
Example of the prompt:
To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted the right manually.
How I troubleshot this:
- Run MMC as administrator > File > Add/Remove Snap-in
- Key in your Office 365 admin account (an account with permission that can manage device)
- Select Local Users and Groups > Add
- Select Local computer > Finish > Ok
- Expand the local users and groups > Users > Right click Administrator > Uncheck Account is disabled
- Reset the local Administrator password too
- Select Groups > Right click on Remote Desktop Users > Add > Authenticated Users > Ok
- Close MMC
- Sign out and Sign in again
These steps should keep you from getting the prompt again.
Please take note that I am doing this in a lab environment. In production, by right you should not enable the administrator account or make any changes to the local users and groups.